Ethics Self-Assessment Tool

The ethics self-assessment process aims to offer researchers an easy-to-use framework to review the ethics of their projects throughout the research cycle. The self-assessment provides a timely means to identify ethical issues and shape future discussions. The process aims to support an accurate and consistent estimation of the “ethical risks” of research proposals.

The self-assessment form and guidance can be found in the Downloads section on the right. The Data Ethics team can support you when completing the self-assessment by offering further guidance, advice and training. Please contact us, at Data.Ethics@statistics.gov.uk.


Ethics Self-Assessment Tool


Below you can find guidance on how to consider your responses to each of the 22 items grouped against the six NSDEC ethical principles. We also describe which items have the potential to be omitted where such a response can be clearly justified.

Principle 1: The use of data has clear benefits for users and serves the public good

Assessing the public good is by default highly subjective. However, when assessing the public good of your research, you should consider the definitions of public good and public interest set out in the Statistics and Registration Service Act 2007 and the
Research Code of Practice and Accreditation Criteria respectively (see the Public Benefits section on Page 4 of this guidance).
It might also help you to consider:

    1. how beneficial would your research be to the society as a whole; and
    2.  whether it is necessary to conduct this research to realise these benefits.

Please see the Centre for Applied Data Ethics’ guidance on articulating the public good – Considering public good in research and statistics: Ethics guidance

When considering the public benefit of the project you should assess how many people would be affected. If the study is focused a small proportion of the population, or a particular group, then:

  1. the research might disproportionally benefit or disadvantage a group;
  2. the societal impacts of the research might be limited; and
  3. the risk of breaching confidentiality via re-identification increases.

N/A: Omit this item if the scope of the research is specific to a particular group. However, you should justify why the research is focused on that group, and whether this, or other groups, might be adversely affected by this research.

You should consider whether the project could cause any potential negative consequences to the public, and whether these are proportionate to the proposed public benefits of the project. Where appropriate, you should also consider whether the activities involved with conducting the research project could cause any potential harm or distress to any of the individuals involved, including the research participants, the research team, or the research facilitators.

Identifying and managing bias is essential in research, and to ensure its integrity it is important that you consider:

    • the data sources used and most importantly how these are produced;
    • the methods and algorithms employed, their assumptions and constraints; and
    • the outcomes of your research and how your research is presented.

Principle 2: The data subject’s identity (whether person or organisation) is protected, information is kept confidential and secure, and the issue of consent is considered appropriately

Direct identification means using the published research outcomes to derive the identity of data subjects without the use of additional data sources. Statistical research may require access to datasets with a higher level of granularity, and to produce and publish statistics researchers might risk breaching the confidentiality of data subjects. You should make sure that adequate statistical disclosure controls are strictly applied to prevent research outcomes being used to directly identify data subjects or attributes identifying population groups.

Indirect identification involves using additional data sources along with research outcomes to derive the identity of data subjects or a set of proxy attributes that can identify individuals or population groups. Although you cannot prepare datasets for every eventuality, you should consider whether the current level of de-identification is proportionate to the datasets being used, and (as much as reasonably possible) if there are any other datasets available which could be used to indirectly identify individuals.

Data security is an essential requirement for any research environment. The level of security required should be proportionate to the data collected, used, processed and curated. Depending on the granularity and sensitivity of data, we must ensure that public data is handled in a secure and responsible manner.

If you have secured approval from a data owner to acquire or use a dataset then you will need to ensure that any further research based on that dataset falls within the context of the original agreement to use this dataset.

N/A: There may be situations where permission to access certain data is not required. In such instances, you must still provide a solid justification, along with necessary evidence, to explain why permission is not required.

Principle 3: The risks and limits of new methods and/or technologies are considered and there is sufficient human oversight so that methods employed are consistent with recognised standards of integrity and quality.

In many cases you might use a dataset without knowing the quality of the data, the methods used to collect, process and visualise the data, and any assumptions made during those processes. All these factors may compromise the validity of the research. You should therefore strive to meet recognised standards of data quality and clearly state any hypotheses and assumptions.

Compliance with recognised standards does not only ensure the validity of the research but also the reproducibility of results. Organisationally it improves the resilience of the organisation to public scrutiny and is a vital part of building public trust and confidence. Apart for auditable research procedures, researchers should have policies in place to assure the security of the research environment, for example to manage data breaches.

It is essential that researchers have an updated training portfolio over a broad spectrum of research skills and experience. Documenting these skillsets within the research team enables for more flexible working and ensures continuity and knowledge transfer. Organisationally this provides assurance that, apart from the technical systems, staff have the required expertise to undertake the research specified.

The extended use of ‘off-the-shelf’ software solutions, and the use of code sharing platforms, requires you to be vigilant of assumptions and constraints which may not always be documented. Human oversight is a critical safeguard of any research governance process, requiring an emphasis on the quality of methods used, especially as automated processes become more opaque.

N/A: Omit this item in case of fully transparent automated or manual processes with well documented assumptions.

Established methods and technologies have been tested extensively over long periods, are well documented, and have been subjected to scientific scrutiny. This offers assurance to the public that personal data are handled safely and provides confidence in the quality of research/statistical outputs. New technologies may entail a wider variety of unforeseen risks, from security to methodology, which may not have been discovered. Of course, the research community draws on innovation and should not miss the opportunity to transition to new technologies. Researchers should remain vigilant of the data sources and methods used in their projects and make sure that adequate security arrangements are in place.

N/A: Omit this item for small-scale exploratory projects and feasibility studies which are not used to produce any research/statistical outputs.

It may not be enough to state the public benefit of your research project; you also need to make sure that the methods used, and the outcomes derived, can be used to realise the public benefit. Complex statistical outputs, increased number of assumptions, or the level of granularity and geography might not properly inform the public or decision-makers.

Principle 4: Data used and methods employed are consistent with legal requirements such as Data Protection Legislation, the Human Rights Act 1998, the Statistics and Registration Service Act 2007 and the common law duty of confidence

Principle 5: The views of the public are considered in light of the data used and the perceived benefits of the research

Research does not happen in isolation, so the wider environment in which researchers operate should always be taken into account. This does not mean that the public’s views must be sought for every project, as this would be disproportionately time and resource consuming, but an overall awareness of public acceptability must be considered. Information from engagement events for similar projects, government initiatives, public polls and literature reviews are reasonable alternatives to large public consultations, focus and expert groups.

Please see the Centre for Applied Data Ethics’ guidance on considering public views and engagement regarding the use of data for research and statistics.

Securing public engagement with research projects is one strategy for facilitating research projects. This could include engagement with the public or with specialist/ interest groups. Although there are several approaches to public engagement, it is most effective to maintain regular engagement throughout the life cycle of the project. A project might be acceptable at the design phase but may warrant further engagement at a later stage e.g. when producing outputs.

N/A: Omit this item when no public engagement is required and can be clearly justified (e.g. for the production of statistics as part of statutory responsibilities; or the same, or a very similar, research project has already completed public consultation or public acceptability testing)

Please see the Centre for Applied Data Ethics’ guidance on considering public views and engagement regarding the use of data for research and statistics.

Principle 6: The access, use and sharing of data is transparent, and is communicated clearly and accessibly to the public

The use of data produced by the public offers an exciting opportunity to the statistical community but comes with a responsibility to be transparent to the public in the way we use their data. It is imperative that we share the research outcomes with the public and ensure that they remain openly accessible. This transparency principle is enshrined in the Codes of Practice for Statistics and Research under the Digital Economy Act 2017, and is also set out in the UK Research and Innovation’s Open Access Policy.

In parallel with research outcomes, researchers often develop new methods and tools to enable future research to be more effective. Where appropriate, it is good practice for researchers to make these new methods and tools available for others to use, as this enables wider research impact and innovation throughout the research community.

N/A: There are some cases where researchers may not be able to share these tools and methods, and in those instances, this item can be omitted. Firstly, when reverse engineering the tools or method could compromise the confidentiality of the statistical outputs produced. Secondly, when there is a legal agreement in place that prevents us from doing so, for example tools and methods are produced in partnership with a third party which retains intellectual property rights.

You should select an appropriate retention period for the data to ensure that your research can be reproduced and validated. Due to the significant costs in re-acquiring and preparing data we encourage you to re-use raw and linked datasets when possible. You should remain vigilant of the sensitivity of identifiable datasets to be retained when selecting retention periods and data re-use.

N/A: Omit this item when data sharing agreements or original consent does not allow re-use of the dataset.